Versions Compared

Old Version 6

changes.mady.by.user Wolfgang Granzer

Saved on

compared with

New Version 7

changes.mady.by.user Wolfgang Granzer

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

An inbound rule for the OPC Enum process has to be added. On the top left corner, select "‘Inbound rules ..."’. Afterwards, click “New Rule ...” at the top right corner. Within the dialog, select “Program” as rule type:

...

In the next step, select the executable file of the OPC enum process . It is located at:

  • 32 bit operating sytem: C:\Windows\System32\OpcEnum.exe

  • 64 bit operating sytem: C:\Windows\SysWOW64\OpcEnum.exe

...

Next, select “Allow the connection”.

...

As next step, select the network profile(s) for with the rule shall be active.

...

Finally, specify a name for rule (e.g. “OPC enum”).

...

After having confirmed the last step, a new rule is created and activated immediately.

Creating a rule for the NETx Server

Note

These steps have to be performed at the OPC server side only.

It is required to permit communication to the NETx Server. The setup of the NETx Server is creating a corresponding firewall rule automatically. For the NETx BMS Platform this rule is called “NETx BMS Platform Core Server” – for the NETx MP Server it is called “NETx MP Core Server”. If the corresponding rule is not listed, create a new one by performing the same steps as described above. As program path, the executable of the NETx Server has to be specified. If the default installation directories are used, the executable of the NETx Server can be found here:

  • NETx BMS Platform:

    • 32 bit operating system: C:\Program Files\NETxAutomation\BMS Platform\Core\NETxBMSCoreServer40.exe

    • 64 bit operating system: C:\Program Files (x86)\NETxAutomation\BMS Platform\Core\NETxBMSCoreServer40.exe

  • NETx MP Server:

    • 32 bit operating system: C:\Program Files\NETxAutomation\MP Server\Core\NETxBMSCoreServer40.exe

    • 64 bit operating system: C:\Program Files (x86)\NETxAutomation\MP Server\Core\NETxBMSCoreServer40.exe

Note

The rule that is automatically added by the setup is activated for the network profiles “Private” and “Domain”only. If the connected network is defined as “Public”, the rules has to be changed accordingly.

Creating a rule for the OPC client

Note

These steps have to be performed at the OPC client side only.

It is also required to permit communication to the OPC client. Create a corresponding firewall rule by performing the same steps as for the server rule.

Changing the local security policy

Note

These steps have to be performed at both sides – at the OPC server and at the OPC client side.

In order to allow OPC communication, the local security policy has to be changed. Open the configuration dialogue (“Control panel –> System and Security –> Administrative Tools –> Local Security Policy”) and navigate to “Security Settings –> Local Policies –> “Security Options” and enable the option “Network access: Let Everyone permissions apply to anonymous users”.

...

User settings

To be able to establish an OPC connection between a NETx Server and an OPC client, the user management must be configured accordingly. In general, it is necessary that both PCs must have at least one common Windows user. This Windows user must use the same user name and password and it must have local administrator rights at both machines. The NETx Server process does not need to run under the common user. It can be run under the user “SYSTEM” (default for NETx Servers) or any user that has administrator rights. However, the OPC client itself must run under the common user – otherwise the OPC communication will not work. Depending on the used environment, the following configuration steps may be possible

Both machines are member of the same Windows domain

Since both machines are member of the same Windows domain, they are using the same user database. This means any domain user can be used as common user. However, the common user must have local administrator rights at both machines. To add local administrator rights, open the Computer Management dialogue (“Control Panel –> System and Security –> Administrative Tools”) and select “Computer Management –> System Tools –> Local Users and Groups –> Groups”. Double click “Administrators” and add the common user to the local administrator group.

...

Both machines are member of different Windows domains

If both machines are member of different domains, trust must be established on both domain controllers. This means that the users of domain A must be trusted by domain B and vice versa. More information about setting up trusts between domains can be found in the Microsoft Windows Server documentation. In addition, local administrator rights must be given to the common user at both machines. This can be done by using the same steps as shown above.

Both machines are not member of a Windows domain

If both machines are not member of a Windows domain, a common user has to be created on both machines. This user must have exactly the same user name and the same password at both machines. In addition, the user must have administrator rights on both machines.

DCOM configuration

The DCOM configuration at the NETx Server side consists of three steps:

  • Configure default DCOM settings

  • Configure DCOM settings of OPC enum

  • Configure DCOM settings of NETx Server

Configure default DCOM settings

First, the general DCOM settings have to changed. Within the DCOM configuration dialogue, right click at “My Computer”, select “Properties”, and change to the tab “Default Properties”. Within this tab, ensure that the “Authentication Level” is set to “None”.

...

Then, the limits of the DCOM security settings have to be changed. Change to the tab “COM Security”.

...

Within “Access Permissions”, press the button “Edit limits” and change the permissions of “Everyone” and “ANONYMOUS LOGON” according to the following figures:

...

Then, close the dialogue and press the button “Edit limits” within “Launch and Activation Permissions”. Change the permissions of “Everyone” and “Administrators” according to the following figures:

...

Afterwards, the changes have to be confirmed by pressing the “OK” button.

Configure DCOM settings of OPC enum

As next, the DCOM security settings of the OPC enum process have to changed. Within the DCOM configuration dialogue, open the tree “DCOM Config” and locate the entry “OPCEnum”. Right click at the entry, select “Properties”, and change to the tab “General”. Within this tab, ensure that the “Authentication Level” is set to “None”.

...

Then, change to the tab “Security”. Within the “Launch and Activation Permissions”, select “Customize” and press the “Edit” button. Change the permissions of “Everyone” and “Administrators” according to following figures:

...

Close the dialogue again. Within the “Access Permissions”, select “Customize” and press the “Edit” button. Change the permissions of “Everyone”. Afterwards, close the dialogue. Within the “Configuration Permissions”, select “Customize” and press the “Edit” button. Change the permissions of “Administrators”.

...


The DCOM configuration of the OPC enum process is finished now and the dialogue can be closed again.

The attached document guides you through the configuration process

...